I use this Node.js library to register a user via POST /{realm}/users. That's working, but I have an issue with the user activation over an E-Mail. The scenario should be, that the user registers and directly gets an E-Mail with the activation link for his account. But this case is another in Keycloak. First you have to login with the new user once and after that you get the activation link and not right after the registration process. That's too late. So I trigger the API PUT /{realm}/users/{id}/send-verify-email to send the verification link as an E-Mail.
But the E-Mail text and template are another one. It's the same as from PUT /{realm}/users/{id}/execute-actions-email, which is confusing. It is also used for a update of user info etc. which is needed. So adjusting this E-Mail template isn't an option.
Is there a possibility in the Keycloak settings to send the correct E-Mail verification mail right after registering the user? Or can I add new E-Mail templates and assign them to the API?
I'm using the current version of Keycloak: 12.0.2
Related
I've signed up for a developer account with Docusign. We have about 15 users that access a Windows Forms page from another program where they fill out the proper information and click a button that calls a NET Core Web API which creates an envelope and sends to the signer. Those 15 users don't have accounts in Docusign and don't need them to. I want to use one admin or service account that will send and receive the emails, but I can't figure out how to do this.
I used my name for the developer account and now all my (test) Docusign emails show they are from me and once the signer signs, my email receives the signed documents. I've tried creating another "Admin" account, but I don't see any way to associate that user as an "API User". When I try using that user's GUID as the ImpersonatedUserID, my RequestJWTUserToken request comes back with "consent_required". But, when I go to the link I just get an error with "The client id provided is not registered with Docusign".
Everything in the Web API is working perfectly except for the emails showing they are from me and then the signed docs coming back to my email. This should be an easy thing to change the user, but apparently it's not, or I just can't figure it out.
You were on your way to fix this, but didn't follow through.
Create new user (you did it)
Find the new userId (you did)
Update JRequestJWTUserToken (you did)
Consent error - expected, the new user did not consent.
Obtain consent. You need to have a URL built correctly like this to do this:
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=7c2b8d7e-xxxx-xxxx-xxxx-cda8a50dd73f&redirect_uri=http://example.com/callback/
Once you do 5, you need to log in with the same new user account you created (you may be automatically logged in with your original developer account, so log out) and provide consent.
Then step 4 will work just fine.
https://developers.docusign.com/platform/auth/consent/obtaining-individual-consent/
I need to change the forgot password link in firebase authentication template emails from a URL to a 6 digit verification code only.
The code will be generated on 'forgot password' and emailed to the user, once received the user would need to enter this verification code into the app... and after confirmation, he/she can change their password. How can I achieve this in firebase.
If you check the Customize account management emails and SMS messages documentation you can see that the oobCode is generate and added directly to the URL, and you cannot generate it otherwise.
On this community post a similar problem to yours is suggested and the proposed solution is to generate you own verification mechanism, although it is possible it represents a lot more work on your end than using the pre existing email with url configuration.
I need some guidelines or documents to make User silent Activation(directly activate the User without sending the email) through API or UI in DocuSign.
Silent Activation using API is deprecated now and DocuSign does not allow any DS Accounts to use this in their DS plan. There are two ways to activate the user without send the email, and both ways need that you should claim emaildomain in DocuSign and all the users should belong to this claimed email domain:
a. Using SSO, you claim your email domain in the DocuSign and configure your Identity provider with DocuSign, and once SSO is correctly configured then you can activate the user without any emails.
b. A new feature added recently, with this feature You need to claim your domain, create an Organization, then there is setting at the domain level (see below snapshot) which you can select to add a user within the claimed email domain without sending an email.
When using the Docusign API (in my case, via the Sandbox/demo env), in the signing view at the top of the screen it displays the name & company of the user account that was used to authenticate with the API.
However, because this is embedded signing from my app, I would have thought we'd only have one user account - for the app. So I want to change what appears at the top there - the information on the sender of the envelope. Either to be the user account that exists in my app that created the envelope, or just to state what company sent the document.
Are there options on the API to do this? I can't see any reference to anything like this in the envelopeDefinition JSON structure in the REST API docs.
You can use the DocuSign SOBO - Send On Behalf Of Functionality
The Send On Behalf Of feature permits automated sending through the API by one account user on behalf of another account user.
More information here
I have a question about security flow of confirmation link.
I have a website on which you have to fill your email address and password after filing these information my app sends an email with a secure link to user email address. After clicking on confirmation email user automatically gets logged inside the application.
Now question :
Is there a security risk to auto login user on clicking of confirmation link ?
Is there and security risk to auto login user on clicking of confirmation link? Yes and no. It depends on what is in the link. What I would do is I would have two field in database activate_code, that is randomly generated and is_activated which is defaulted to 0. Then I will send a link to activation code and another email with activation link. Once at activation link, user will fill code and account will be activated. redirect him to login page.
Do not send user emails or any other information. just send random codes or something similar
That is my cent!
Yes there is a security concern, as Gumbo points out.
Since the user has provided an email & password, why not require he be logged in to access his confirmation page?